Publishing Avi Vantage Private IP DNS Records to Route 53

Overview

A virtual service on Avi Vantage deployed in an AWS cloud can have two IP addresses:

  1. A private IP address, also known as the virtual service IP address (VIP).
  2. An external IP address, also known as the floating IP address.

When Route 53 is enabled in the AWS cloud, the VIP is registered with the private hosted zone, while the floating IP address is registered with the public hosted zone of AWS. The fully qualified domain names (FQDNs) registered in a private hosted zone are reachable only within the cloud's VPC. Avi Vantage 17.2.10 introduces a feature that also publishes the DNS A record of the VIP to the public hosted zone, in addition to the floating IP address. This makes the VIP accessible by FQDN across multiple VPCs.

Use Case

The typical use cases of this feature are listed below:

  • Applications reside outside of AWS but need to use Route 53 as a DNS provider.
  • There are a large number of AWS VPCs. Currently, the private hosted zone must be associated with every VPC to enable DNS resolution. With this feature enabled, that tedious configuration is no longer required.

Configuration

This feature is enabled by setting the publish_vip_to_public_zone flag (present in the AWS configuration) to true through the Avi CLI. The feature is available both when the cloud-type is set to AWS and when the cloud is non-AWS but uses AWS DNS IPAM.

Log in to the Avi Controller at its IP address and follow the steps below:

Configuration when the cloud-type is set to AWS


[admin:<controller-ip>]: > configure cloud <cloud_name>
[admin:<controller-ip>]: cloud> aws_configuration
[admin:<controller-ip>]: cloud:aws_configuration> publish_vip_to_public_zone
[admin:<controller-ip>]: > save

Configuration when AWS DNS is used as a DNS Service


[admin:<controller-ip>]: > configure ipamdnsproviderprofile <name>
[admin:<controller-ip>]: ipamdnsproviderprofile> aws_profile
[admin:<controller-ip>]: ipamdnsproviderprofile:aws_profile> publish_vip_to_public_zone
[admin:<controller-ip>]: ipamdnsproviderprofile:aws_profile> save

Notes:

  • To register the private VIP and the public external IP address (floating IP address), you must have public and private hosted zones of the same name, for example, abc.foo.com.
  • To register the private IP address in a public hosted zone, you must set publish_vip_to_public_zone and choose that zone when defining the virtual service.
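
A public hosted zone answers queries from any resolver, so every VIP published this way is visible outside the VPCs that can reach it. The following added example (not Avi or AWS code) audits a public zone's record sets for A records holding RFC 1918 addresses and separates the FQDNs you intended to publish from any others. The record dictionaries follow the shape of the Route 53 ListResourceRecordSets response; the sample records, the approved list and the function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(value):
    """True if value is an IPv4 address inside an RFC 1918 private range."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False
    return ip.version == 4 and any(ip in net for net in RFC1918)

def audit_public_zone(record_sets, approved_fqdns):
    """Split private-IP A records in a public zone into (approved, unexpected).

    approved_fqdns: names of virtual services whose VIP was deliberately
    published (hypothetical inventory supplied by the operator).
    """
    allowed = {f.rstrip(".").lower() for f in approved_fqdns}
    approved, unexpected = [], []
    for rrset in record_sets:
        if rrset.get("Type") != "A":
            continue
        fqdn = rrset["Name"].rstrip(".").lower()
        # Alias records carry AliasTarget instead of ResourceRecords.
        for rr in rrset.get("ResourceRecords", []):
            if is_rfc1918(rr["Value"]):
                bucket = approved if fqdn in allowed else unexpected
                bucket.append((fqdn, rr["Value"]))
    return approved, unexpected

# Constructed sample of a public hosted zone named abc.foo.com.
SAMPLE_PUBLIC_ZONE = [
    {"Name": "abc.foo.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.example.net."}]},
    {"Name": "vs1.abc.foo.com.", "Type": "A", "TTL": 30,   # VIP + floating IP
     "ResourceRecords": [{"Value": "10.0.1.25"}, {"Value": "203.0.113.10"}]},
    {"Name": "vs2.abc.foo.com.", "Type": "A", "TTL": 30,   # not in inventory
     "ResourceRecords": [{"Value": "172.16.4.9"}]},
    {"Name": "www.abc.foo.com.", "Type": "A",
     "AliasTarget": {"DNSName": "lb.example.net.", "HostedZoneId": "ZEXAMPLE",
                     "EvaluateTargetHealth": False}},
]

if __name__ == "__main__":
    ok, bad = audit_public_zone(SAMPLE_PUBLIC_ZONE, ["vs1.abc.foo.com"])
    print("approved private records:", ok)
    print("unexpected private records:", bad)
```

In practice the record sets would come from a paginated ListResourceRecordSets call against the public zone, and the approved list from the virtual services on which the flag was enabled.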